Virtual Router Redundancy Protocol White Paper
ImageStream Internet Solutions, Inc. Friday, September 13, 2002
Table Of Contents INTRODUCTION: WHY VRRP?
3
VIRTUAL ROUTER REDUNDANCY PROTOCOL (VRRP)
4
VRRP TERMINOLOGY VRRP: HOW IT WORKS VRRP PACKETS
5 7 8
APPLICATIONS: LOAD SHARING
12
APPLICATIONS: MAINTENANCE WINDOWS WITHOUT DOWNTIME
13
APPLICATIONS: CONFIGURING VRRP ON IMAGESTREAM ROUTERS
14
MASTER/BACKUP CONFIGURATION WITH OWNER MASTER/BACKUP CONFIGURATION WITHOUT OWNER MASTER/BACKUP CONFIGURATION WITH MULTIPLE IP ADDRESSES
14 16 17
ImageStream VRRP White Paper
2
Introduction: Why VRRP? With increasingly commoditized products and pricing among service providers, service level agreements and general service availability have assumed a greater role in the marketplace. Once only a domain of the largest Tier 1 providers, many small- and midsize service providers deploy Internet traffic control devices such as routers and switches in redundant configurations. In today’s service provider market, customers hold providers to a high standard. It is not uncommon to find IP data and telephony services with reliability figures over 99.999%. In a highly-competitive environment, device and link failures are unacceptable. Repeated surveys show that when choosing a service provider, customers value "availability" over every other criteria. "Network reliability" has ranked #1 in each of the last 5 years of eWeek's annual ISP surveys, and “Network performance” has ranked in the top 3. In the 2001 survey, 95% ranked reliability as extremely or very important, making it by far the leading customer concern. The following graph shows the top five surveyed customer concerns when choosing a service provider:
Source: Infonetics 2001 ISP Survey (Scale: 1=lowest 5=highest)
Traditionally, the redundant designs deployed by providers have been "hot standby" configurations that provide one active device and a second identical device that remains in standby mode. This methodology can increase network availability by deploying redundant hardware at different potential points of failure, but it is an expensive solution and typically requires human intervention in the event of a failure.
ImageStream VRRP White Paper
3
With growing expectations for reliability, service providers demand equipment configurations that enhance network stability and reduce mean time to recovery in the event of a failure. Unlike WAN connections, where the BGP4 dynamic routing protocol is commonly deployed to provide redundancy, no standard until VRRP addressed redundancy for LAN connections. The use of a statically configured default route is quite popular because it minimizes configuration and processing overhead on a host, and it is supported by virtually every IP implementation. This mode of operation is likely to persist as dynamic host configuration protocols (DHCP) are deployed that only provide configuration for a host IP address and default gateway. However, this creates a single point of failure. Loss of the default route results in a catastrophic event, isolating all hosts that are unable to detect alternate paths that may be available. There are a number of ways that may be used to provide redundant connections on the LAN side of a gateway router or switch. Most solutions require hosts to run a dynamic routing protocol such as Routing Information Protocol (RIP), Open Shortest Path First routing protocol (OSPF), Intra-Domain IS-IS routing protocol (ISIS), or a broadcast-based discovery method. Running a dynamic routing protocol on all hosts may not be feasible for a number of reasons: administrative overhead, processing overhead, security issues, or lack of protocol support for some host platforms. In a service provider environment, there are situations where administrative control may not be possible because the provider does not have access to a customer device. Neighbor or router discovery protocols typically require active participation by all hosts on a network, which may not be possible depending on the hosts and their support for a particular protocol. In addition, these discovery methods can be impractical on large networks due to the time required to allow all hosts to participate. This situation can lead to significant delays in the detection of a lost (i.e. dead) neighbor, which may result in unacceptable failover delays. The use of a statically configured default route is quite popular; it minimizes configuration and processing overhead on a host and is supported by virtually every IP implementation. This mode of operation is likely to persist as dynamic host configuration protocols (DHCP) are deployed, which typically provide configuration for an end-host IP address and default gateway. However, this creates a single point of failure. Loss of the default route results in a catastrophic event, isolating all hosts that are unable to detect any alternate path that may be available.
Virtual Router Redundancy Protocol (VRRP) The Virtual Router Redundancy Protocol (VRRP) is designed to eliminate the single point of failure inherent in the static default routed environment by automatically providing alternate router paths. VRRP, specified by RFC 2338, uses an election protocol that dynamically assigns responsibility for a virtual router to one of the VRRP ImageStream VRRP White Paper
4
routers on a LAN. The VRRP router controlling the IP address(es) associated with a virtual router is called the Master, and forwards packets sent to these IP addresses. The election process provides dynamic failover in the forwarding responsibility should the Master become unavailable. The Virtual Router associated with a given alternate path supported by VRRP uses the same IP address and MAC address as the routers for other paths. As a result, the host's gateway information does not change, no matter what path is used. Because of this, VRRP-based redundancy significantly reduces administrative overhead when compared to redundancy schemes that require hosts to be configured with multiple default gateways. Backup of IP addresses is the primary function of the Virtual Router Redundancy Protocol. While providing election of a Virtual Router Master and the additional functionality described below, RFC 2338 states that the protocol should strive to: • • • • •
Minimize the duration of black holes. Minimize the steady state bandwidth overhead and processing complexity. Function over a wide variety of multiaccess LAN technologies capable of supporting IP traffic. Provide for election of multiple virtual routers on a network for load balancing Support multiple logical IP subnets on a single LAN segment.
VRRP Terminology Each physical router running VRRP is known as a VRRP Router. Two or more VRRP Routers can be configured to form a Virtual Router. Each VRRP Router may participate in one or more Virtual Routers. Additionally, each VRRP-capable device is autonomous. There is no requirement that Virtual Routers be identically configured. Different router models with different numbers of ports and different enabled services may be used in a Virtual Router. A Virtual Router acts as a default or next hop gateway for hosts on a LAN. The Virtual Router is managed by each of the routers running VRRP. Each Virtual Router consists of a user-configured Virtual Router Identifier (VRID) and an IP address or set of IP addresses on the shared LAN. The VRID is used to build the Virtual Router MAC Address. The five highest order octets of the Virtual Router MAC Address are the standard MAC prefix (00-00-5E-0001) defined in RFC 2338. The VRID is used to form the lowest order octet (the last two digits in the MAC address). One, but not more than one, of the VRRP Routers in a Virtual Router may be configured as the IP Address Owner. This router has the Virtual Router's IP address as its real interface address. This router, when up, responds to packets addressed to the Virtual Router's IP address for ICMP pings, TCP connections, etc. ImageStream VRRP White Paper
5
There is no requirement for any VRRP Router to be the IP Address Owner. Virtual Routers may be implemented without an IP Address Owner. For the purposes of this paper, VRRP Routers that are not the IP Address Owner are called “Renters”. While not part of RFC 2338, the Renter designation helps to identify the role of these VRRP Routers. Within each Virtual Router, one of the VRRP routers is selected to be the Virtual Router Master. The election process that determines which VRRP Router is the “Master” is described below. If the IP Address Owner is available, then it will always become the Master. The Virtual Router Master forwards packets sent to the Virtual Router. It also responds to ARP requests the Virtual Router's IP address. Finally, it sends out periodic advertisements to let other VRRP Routers know it is alive and its priority (explained below). Within a Virtual Router, the VRRP routers not selected to be the Master are known as Virtual Router Backups. Should the Virtual Router Master fail, one of the Virtual Router Backups becomes the Master and assumes its responsibilities. A summary of these definitions is contained below in Table 1: Table 1: VRRP Component Definitions
Component Virtual Router: VRRP Router: IP Address Owner:
Renter:
Master: Backup:
Definition The IP address or set of addresses shared by the VRRP Routers and addressed by a unique identifier. A router running Virtual Router Redundancy Protocol. The VRRP router that has the Virtual Router's IP address configured as its real interface address. There cannot be more than one IP Address Owner in a Virtual Router. An optional designation, the IP Address Owner will always win the election process to become Master in a Virtual Router. All VRRP Routers that do not have the Virtual Router's IP address configured as their real interface address. This designation is not defined by RFC 2338. Determined by an election process, the Master is the router that assumes responsibility for forwarding packets sent to the Virtual Router and answering ARP requests for the Virtual Router. A VRRP Router that is available to assume Master duties should the current Master fail.
ImageStream VRRP White Paper
6
Figure 1: VRRP Example
Figure 1 illustrates a simple, two-node Virtual Router using VRRP. The routers in the diagram have been configured as VRRP Routers. They form a Virtual Router. Router/Switch 1 has its real interface configured with the IP address of the Virtual Router, 200.1.1.1/24, and is therefore the IP Address Owner. As long as this VRRP Router is active and available, it will be the Virtual Router Master. Router/switch 2 below is a Virtual Router Backup. Its real interface is configured with an IP address that is on the same subnet as that of the Virtual Router but that is not the IP address of the Virtual Router. As a result, it is a Renter and is also a Virtual Router Backup. In the example above, the Virtual Router will also have been assigned a Virtual Router ID (VRID). If the VRID is 1, both of the VRRP Routers will use the MAC address of 0000-5E-00-01-01.
VRRP: How It Works The hosts shown in Figure 1 are configured with the Virtual Router's IP address as its default gateway. As mentioned above, the Master forwards packets destined to remote subnets and responds to ARP requests. Since, in this example, the Master is also the Virtual Interface Router's IP Address Owner, it also responds to ICMP ping requests and IP datagrams destined for the Virtual Interface Router's IP address. The Backup does not forward any traffic on behalf of the Virtual Interface Router, nor does it respond to ARP requests. If the Master (also the Owner in this case) is not available, the Backup becomes the Master and takes over responsibility for packet forwarding and responding to ARP requests. However, since this new Master router is not the IP Address Owner, it does not respond to ICMP ping requests and IP datagrams destined to that address. Each VRRP Router that is a Renter is configured with a priority between 1 and 254. According to the VRRP standard, an Owner has a priority of 255. In Figure 1 above, once RS1 is configured for VRRP, it looks at the IP address of the virtual router and compares it with the IP addresses of its own interface that is configured for VRRP on that VRID. Since the RS1 owns the Virtual Router’s IP address, it declares itself the ImageStream VRRP White Paper
7
Master and sends out an advertisement to all of the other VRRP Routers. The IP Address Owner is always the Master as long as it is available. It is not necessary for the Virtual Router IP address to be owned by one of the VRRP Routers connecting the LAN to the Internet in Figure 1. In this case, however, the bidding process to determine the Master is different. The process involves comparing two criteria. First, the VRRP Router with the highest priority becomes the Master. Second, if the priorities are the same, the higher IP address wins and becomes the Master. Understanding the VRRP advertisement packet is key to understanding the bidding process.
VRRP Packets VRRP packets are sent encapsulated in IP packets. Figure 2 shows the layout of the packet’s IP header and the packet itself. Figure 2: Contents of a VRRP Packet
The important fields in the IP header (in terms of VRRP) are explained below. Source IP Address: This is a 32-bit field. The source address is the primary IP address of the interface from which the packet is being sent. This is the IP address of the master router’s interface connected to the LAN. Destination IP Address: This is a 32-bit field. It is the IP multicast address assigned by the IANA for VRRP. This multicast IP address is 224.0.0.18. All the routers running VRRP receive this multicast.
ImageStream VRRP White Paper
8
Time To Live (TTL): This is an 8-bit field; the value in this field must be equal to 255. Any VRRP packet received with TTL not equal to 255 is discarded. The router does not forward a datagram with VRRP multicast destination address, regardless of its TTL. Protocol: This is an 8-bit field that specifies the protocol being used. The IP protocol number assigned by IANA for VRRP is 112. The following fields are in the VRRP packet: Version (VERS): This is a 4-bit field that specifies the VRRP version. The version that is available is 2. Type: This is a 4-bit field that specifies the type of VRRP packet. The only type is ADVERTISEMENT. Virtual Router Identifier (VRID): Identifies the virtual router for which this packet is reporting status. Priority: This 8-bit field specifies the sending VRRP router’s priority for the virtual router. A higher value means a higher priority. The priority value of the VRRP router that owns the IP address associated with the virtual router must be 255. The default priority value is 100, but you can assign any value between 1 and 254. A priority of 0 is a special value that specifies the master has stopped working, and the backup router needs to transition to master state. Count IP Addresses: This 8-bit field specifies the number of IP addresses contained in this VRRP advertisement. Authentication Type: This 8-bit field specifies the authentication type being used. A packet with an unknown authentication type or one that does not match the locally configured authentication type is discarded. The authentication methods defined by the RFC are: 0 - No Authentication 1 - Simple Text Password 2 - IP Authentication Header No authentication means that VRRP protocol exchanges are not authenticated. The contents of the Authentication Data field should be set to zero on transmisson and ignored on reception. Simple Text Password authentication indicates that VRRP protocol exchanges are authenticated by a clear text password. The contents of the Authentication Data field should be set to the locally configured password on transmission. There is no default password. The receiving VRRP Router must check that the Authentication Data in the packet matches its configured authentication string. Packets that do not match are discarded automatically. The use of the IP Authentication Header type means the VRRP protocol exchanges are authenticated ImageStream VRRP White Paper
9
using the mechanisms defined by the IP Authentication Header. Although described briefly in the RFC, this authentication type has not been implemented. Advertisement Interval: This 8-bit field specifies the time interval between advertisements sent from the master, to let the backup router know that it is alive. It is important that all routers with the same VRID should have the same advertisement interval. Checksum: This 16-bit field is used to detect data corruption in the VRRP message. IP Address(es): This is a 32-bit field. The IP address is the Virtual Router’s IP address that the Master is backing up. Each address associated with the Virtual Router is included in a separate 32-bit field within the announcement. Not all VRRP implementations fully support this part of RFC 2338. Some, like Nortel's Passport, only support sending a single IP address with each announcement. Authentication Data: The authentication string is currently only utilized for simple text authentication, similar to the simple text authentication found in the Open Shortest Path First routing protocol (OSPF). It is up to 8 characters of plain text, and must match the locally configured string or be discarded. Returning to Figure 1 above, the Master sends out an advertisement at a specified interval to the VRRP IP multicast address (224.0.0.18, defined by IANA) declaring itself as the Master. As long as the Backups receive these advertisements, they remain in the backup state. If a Backup does not receive an advertisement for three advertisement intervals, it starts a bidding process to determine which VRRP Router has the highest priority. The VRRP Router with the highest priority takes over as Master. It is important that all VRRP routers have a physical interface configured with an IP address in the same subnet as the Virtual Router. The VRRP protocol sends only IP addresses and not subnet information. Without the corresponding subnet information, the VRRP Router will add the Virtual Router address as a single IP address with a host (/32 or 255.255.255.255) netmask. This will prevent routing from working properly, as the Virtual Router will not listen to broadcasts from the local network. If, at any time, a Backup determines that it has higher priority than the current Master does, it can preempt the Master, unless it is configured not to do so. In preemption, the Backup begins to send its own advertisements. The current Master will see that the Backup has higher priority and stop functioning as the Master. The Backup will then see that the Master has stopped sending advertisements and assume the role of Master. While preemption can ensure that a primary router will return to Master status once it returns to service, preemption also causes a brief outage while the election process takes place. Disabling preemption will ensure maximum uptime on the network, but will not always result in the primary, or highest priority, router acting as Master.
ImageStream VRRP White Paper
10
VRRP: Perspective of the Host All the decisions regarding who is going to be the Master for a particular LAN are made on the VRRP Routers. The host is oblivious to the whole process. When a host must send a message to another host on a different network connected by the VRRP routers, it sends an ARP request for the MAC address of the default gateway. Normally, when a host “ARPs for” (resolves) the MAC address, the router replies with its own physical address. But when VRRP is deployed, the Master replies with a virtual MAC address instead of its actual MAC address. The benefit of this virtual MAC address is that when the Master goes down and a Backup router becomes the Master, it does not make any difference to the host because it uses the same MAC address. The virtual MAC address belongs to the virtual IP address, which belongs to the Master for that VRID. For instance, return to Figure 1 above. Host A wants to send data to a host on the Internet. In this case, RS1 is acting as the Master, and RS2 is the backup. Host A will ARP for the MAC address to the default gateway whose IP address is 200.1.1.1/24. In return, RS1 replies with the virtual router's MAC address (which is 00-00-5E-00-01). Then, the host sends the packets to this MAC address. The datagrams are then routed out of the LAN and to the Internet. If RS1 goes down, and RS2 takes over as the virtual master, all forwarding and ARP tasks are performed by RS2. Therefore, when Host A sends an ARP for the MAC address to the default gateway, RS2 replies to that with the virtual router's MAC address (again, 00-00-5E-00-01-). Another scenario is that the host already had an ARP table and knows that if it needs to send any information to the 200.1.1.1/24 IP address (which is its default gateway), it will send it to the 00-00-5E-00-01- MAC address. So, it sends it to the virtual router's MAC address, and the information flows via RS2 instead of RS1. For the host, it is all the same.
ImageStream VRRP White Paper
11
Applications: Load Sharing Referring to Figure 1 in our initial example, the Master is forwarding all of the traffic. The other router is an idle Backup. To utilize the bandwidth efficiently, we can create two different VRIDs, sending some of the traffic through RS1 and other traffic through RS2. To do this, we configure RS1 to be the default gateway for a certain number of hosts, and RS2 for the rest of them. Figure 3: Load Sharing Example
In Figure 3, RS1 is the default gateway for the three hosts at the top, and RS2 is the default gateway for the three hosts at the bottom. There are two VRIDs: 1 and 2. RS1 (with VRID 1) is the Master for host A, B and C, and Backup for the hosts D, E and F. On the other hand, RS2 (with VRID 2) is the Master for the hosts D, E and F, and the Backup for A, B and C. This way, the traffic going out of the LAN 200.1.1.0/24 is shared between the two routers, thus efficiently utilizing the routers and bandwidth.
ImageStream VRRP White Paper
12
Applications: Maintenance Windows Without Downtime VRRP can also be used to eliminate downtime due to maintenance, the leading cause of router downtime on today's networks. An average router requires software upgrades 2 to 4 times a year, requiring a reboot. Depending on the complexity of the configuration, the Mean Time To Restoration (MTTR) can range from 5 to 40 minutes, during which the router is "down" (i.e., not passing traffic). In Figure 1 above, if RS1 must be upgraded, RS2 can take over routing for temporarily and the hosts see the Virtual Router as “up” (i.e. passing traffic). The following calculations in Table 2 show, for a 500 router network typical of a medium-sized nationwide service provider, an average expected savings 99% of router downtime, or 123.75 hours, in our calculations. Table 2: Router Downtime Calculations Router Downtime Calculations Assume a Router will encounter, on average, a total of 3 software upgrades or control module failures per year. (Actual range: 2-6) Assume an average router reboot takes 5 minutes (Actual range: 440min.): Without VRRP 3 reboots X 5 min = 15 min/year downtime* With VRRP 3 VRRP Master elections x 3 seconds = 9 sec/year downtime*
Assume a Service Provider with 500 routers: Without VRRP 500 routers x 15 min/year/router= 125 hours With VRRP 500 routers x 9 sec/year/router= 1.25 hours Savings: 123.75 hours router downtime/year * From failures or software upgrades. There may be other sources of downtime not included here.
ImageStream VRRP White Paper
13
Applications: Configuring VRRP On ImageStream Routers Master/Backup Configuration With Owner Figure 1: VRRP Example
To understand how to configure VRRP on an ImageStream, consider the configuration from Figure 1. In this example, there is one network, 200.1.1.0/24. To keep things simple, assume that all of the network segments use the same physical topology and both VRRP Routers use Ethernet0 for the Virtual Router connection. RS1 is the Owner and Master, and RS2 is a Backup. This is the most common VRRP setup.
RS1 configuration: ! interface Ethernet0 ip address 200.1.1.1 255.255.255.0 vrrp 1 ip 200.1.1.1 vrrp 1 priority 255 vrrp 1 authentication password !
Specifies the Ethernet device configured Specifies the Ethernet interface IP address Adds IP address 200.1.1.1 to VRID #1 Sets router priority to 255 (Owner) Sets authentication to simple text, using “password” as the authentication string
RS2 configuration: ! interface Ethernet0 ip address 200.1.1.2 255.255.255.0 vrrp 1 ip 200.1.1.1 vrrp 1 priority 100 vrrp 1 authentication password !
Specifies the Ethernet device configured Specifies the Ethernet interface IP address Adds IP address 200.1.1.1 to VRID #1 Sets router priority to 100 (This is the default value) Sets authentication to simple text, using “password” as the authentication string
The VRRP configuration is identical for the two routers, except for the priority. RS1 has its priority set to 255, which identifies it as the Owner. As the Owner, RS1 must have the Virtual Router's IP address (200.1.1.1, in the example above) configured as a real interface address. ImageStream VRRP White Paper
14
It is important that all VRRP routers have a physical interface configured with an IP address in the same subnet as the Virtual Router. The VRRP protocol sends only IP addresses and not subnet information. Without the corresponding subnet information, the VRRP Router will add the Virtual Router address as a single IP address with a host (/32 or 255.255.255.255) netmask. This will prevent routing from working properly, as the Virtual Router will not listen to broadcasts from the local network. Remember that only 8 characters of the authentication string are used. If the VRRP Router is configured with an authentication string longer than 8 characters, the remaining characters will be ignored. For example, if the string “imagestream” is used, "imagestr" will be the string sent in the VRRP packet and “eam” is ignored.
ImageStream VRRP White Paper
15
Master/Backup Configuration Without Owner Figure 1: VRRP Example
Again considering the diagram from Figure 1, this example will illustrate a configuration where neither VRRP Router is the Owner. In this example, there is one network, 200.1.1.0/24. To keep things simple, assume that all of the network segments use the same physical topology and both VRRP Routers use Ethernet0 for the Virtual Router connection. RS1 is the Master, and RS2 is a Backup.
RS1 configuration: ! interface Ethernet0 ip address 200.1.1.1 255.255.255.0 vrrp 1 ip 200.1.1.5 vrrp 1 priority 200 vrrp 1 authentication password !
Specifies the Ethernet device configured Specifies the Ethernet interface IP address Adds IP address 200.1.1.5 to VRID #1 Sets router priority to 200 Sets authentication to simple text, using “password” as the authentication string
RS2 configuration: ! interface Ethernet0 ip address 200.1.1.2 255.255.255.0 vrrp 1 ip 200.1.1.5 vrrp 1 priority 100 vrrp 1 authentication password !
Specifies the Ethernet device configured Specifies the Ethernet interface IP address Adds IP address 200.1.1.5 to VRID #1 Sets router priority to 100 (This is the default value) Sets authentication to simple text, using “password” as the authentication string
In this case, the VRRP configuration is identical, except for the priority. RS1 has its priority set to 200, which when compared to RS2’s priority of 100, will ensure that RS1 is the Master. There is no Owner in this configuration, since neither VRRP Router has the Virtual Router IP address configured on a real interface address. Both VRRP Routers are considered Renters.
ImageStream VRRP White Paper
16
Master/Backup Configuration With Multiple IP Addresses Figure 1: VRRP Example
Again considering the diagram from Figure 1, this example will illustrate a configuration where more than one address is shared with the Virtual Router. In this example, there is one network, 200.1.1.0/24. To keep things simple, assume that all of the network segments use the same physical topology and both VRRP Routers use Ethernet0 for the Virtual Router connection. RS1 is the Master, and RS2 is a Backup.
RS1 configuration: ! interface Ethernet0 ip address 200.1.1.1 255.255.255.0
Specifies the Ethernet device configured Specifies the Ethernet interface IP address
ip address 200.1.1.5 255.255.255.0 secondary
Specified a secondary Ethernet interface IP address
vrrp 1 ip 200.1.1.1
Adds IP address 200.1.1.1 to VRID #1
vrrp 1 ip 200.1.1.5 secondary
Adds IP address 200.1.1.5 to VRID #1
vrrp 1 priority 200 vrrp 1 authentication password !
Sets router priority to 200 Sets authentication to simple text, using “password” as the authentication string
RS2 configuration: ! interface Ethernet0 ip address 200.1.1.2 255.255.255.0
Specifies the Ethernet device configured Specifies the Ethernet interface IP address
vrrp 1 ip 200.1.1.1
Adds IP address 200.1.1.1 to VRID #1
vrrp 1 ip 200.1.1.5
Adds IP address 200.1.1.5 to VRID #1
vrrp 1 priority 100 vrrp 1 authentication password !
Sets router priority to 100 (This is the default value) Sets authentication to simple text, using “password” as the authentication string
The VRRP configuration is identical for the two routers, except for the priority. RS1 has its priority set to 255, which identifies it as the Owner. As the Owner, RS1 must have the Virtual Router's IP addresses (200.1.1.1 and 200.1.1.5, in the example above) configured as real interface addresses. ImageStream VRRP White Paper
17
Load Sharing Configuration Figure 3: Load Sharing Example
The load sharing example from Figure 3 is configured in a similar manner. In this example, there is one network, 200.1.1.1/24. To keep things simple, assume that all of the network segments use the same physical topology and use Ethernet0 for the Virtual Router connection. RS1 is the Owner and Master for VRID #1, and RS2 is a Backup for VRID #1. RS2 is the Owner and Master for VRID #2. RS1 is a Backup for VRID #2.
RS1 configuration: ! interface Ethernet0 ip address 200.1.1.1 255.255.255.0
Specifies the Ethernet device configured Specifies the Ethernet interface IP address
vrrp 1 ip 200.1.1.1
Adds IP address 200.1.1.1 to VRID #1
vrrp 1 priority 255
Sets router priority to 255 (Owner)
vrrp 1 authentication password
Sets authentication to simple text, using “password” as the authentication string
vrrp 2 ip 200.1.1.2
Adds IP address 200.1.1.2 to VRID #2
vrrp 2 priority 100 vrrp 2 authentication vrid2 !
ImageStream VRRP White Paper
Sets router priority to 100 (This is the default) Sets authentication to simple text, using “vrid2” as the authentication string
18
RS2 configuration: ! interface Ethernet0 ip address 200.1.1.2 255.255.255.0
Specifies the Ethernet device configured Specifies the Ethernet interface IP address
vrrp 1 ip 200.1.1.1
Adds IP address 200.1.1.1 to VRID #1
vrrp 1 priority 100
Sets router priority to 100 (This is the default value)
vrrp 1 authentication password
Sets authentication to simple text, using “password” as the authentication string
vrrp 2 ip 200.1.1.2
Adds IP address 200.1.1.2 to VRID #2
vrrp 2 priority 255 vrrp 2 authentication vrid2 !
Sets router priority to 255 (Owner) Sets authentication to simple text, using “vrid2” as the authentication string
The VRRP configuration for each VRID is mirrored. Each VRRP Router is the Owner and Master for one VRID and the Backup for the other. In the example above, RS1 is the default gateway for the three hosts at the top, and RS2 is the default gateway for the three hosts at the bottom. There are two VRIDs: 1 and 2. RS1 (with VRID 1) is the Master for host A, B and C, and Backup for the hosts D, E and F. On the other hand, RS2 (with VRID 2) is the Master for the hosts D, E and F, and the Backup for A, B and C. This way, the traffic going out of the LAN 200.1.1.0/24 is shared between the two routers, thus efficiently utilizing the routers and bandwidth.
ImageStream VRRP White Paper
19
References 1. 2. 3. 4. 5. 6.
RFC 2238 Internetworking with TCP/IP; Douglas E. Comer Virtual Matrix Architecture White Paper – Verio VRRP White Paper – Nortel “Getting Why You Pay For”; Rebecca Wetzel, eWeek 9/20/2001 Infonetics 2001 ISP Survey
ImageStream VRRP White Paper
20
